PRIVACY POLICY

PRIVACY POLICY for IDEX Biometrics ASA

Processing of personal data in IDEX Biometrics ASA (“IDEX”).

Last updated 2 June 2020

When you use our website and/or are in contact with us in connection with receiving market and business information (newsletter) from us, IDEX will process personal data about you. Below you will find information about personal data collected, why we do this, and your rights related to the processing of personal data.

The data controller for the personal data we process is IDEX. The contact information is:

For questions you may have regarding our processing of your personal data, please contact us.

Why do we collect personal data and what information we collect

We collect and use your personal data for different purposes, depending on who you are and how we came into contact with you. We collect the following personal data for the purposes stated here:

Send out marketing, newsletters and provide information about our business: name, position, email address, company, and website. The process takes place based on an agreement with you.

Recruitment to new positions at IDEX: CV, application, attestations and references. Processing of personal data is based on the consent you have given.

For information on using our website, we use cookies. You can read more about cookies and what cookies we use in our Cookie Policy. We process personal data based on an interest assessment. We have considered it necessary for us to do this to customize the website of our users. However, we take care of your privacy by using only the statistics information. In this statistic, it is not possible to identify you as an individual.

From our suppliers, customers and others we process personal data. This is based on individual agreements and legitime interests.

Use of data Processors and sub-suppliers

IDEX uses data processors to collect, store or otherwise process personal data on our behalf. In addition to the data processor, IDEX may use vendors, service providers, and partners who may help with some of IDEX’s data processing and storage, including customer support services at IDEX’s partners. They may also assist with monitoring IDEX’s servers for technical reasons. These vendors (as well as IDEX personnel) can access certain information about you and your account to carry out their work. Such vendors are not allowed to use this data for non-IDEX purposes. In such cases, we have entered into agreements to ensure information security at all stages of the data processing.

Transfer of personal Data to others

You are informed that the whole or any part of your personal data may be processed by IDEX, its affiliates and subcontractors in the United States, in the European Union and the rest of the world, and may be transferred outside the country in which you provided personal data. International transfers of personal data are made in compliance with relevant international data protection laws and regulation.

Our sub-supplier West LLC complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. West Unified Communications Services and West IP Communications have certified to the Department of Commerce that they adhere to the Privacy Shield Principles.

Storage

We store your personal information with us as long as necessary for the purpose for which the personal data was collected. This means, for example that personal data we process based on your consent will be deleted if you withdraw your consent. Personal data we process to fulfill an agreement with you will be deleted when the agreement is fulfilled and all obligations arising from the agreement are fulfilled.

Your rights when we process personal information about you

You have the right to require access, correction or deletion of personal data we are processing about you. You also have the right to demand limited processing, objection to processing and claim the right to data portability. You can read more about the content of these rights on the Norwegian Data Protection Authority‘s website: www.datatilsynet.no.

To take advantage of your rights, you must send an e-mail to mailbox@idexbiometrics.com. We will respond to your inquiry to us as soon as possible and no later than 30 days.

You may withdraw your consent for processing personal information at any time. The easiest way to do this is to use the unsubscribe function in an e-mail, or to send an e-mail to mailbox@idexbiometrics.com.

Complaints

If you believe that our processing of personal data does not match what we have described here or we otherwise violate privacy laws, you may appeal to the Norwegian Data Protection Authority.

For information on how to contact the Norwegian Data Protection Authority, visit its website: www.datatilsynet.no.

Changes

IDEX may from time to time update this Privacy Policy. IDEX encourages you to periodically review this Privacy Policy to be informed of the latest changes. Whenever a change to this policy is significant, IDEX will place a prominent notice on its webpage.

Governing Law and Venue

This Privacy Policy is governed and interpreted in accordance with the laws of Norway, without giving effect to any choice of law or conflict of law provisions that would cause the application of any other nation’s laws. You agree to exclusive jurisdiction by the courts located in Oslo, Norway and waive any jurisdictional, venue or inconvenient forum objections to such courts.